Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package samba for openSUSE:Factory checked in at 2022-12-25 15:14:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/samba (Old)
and /work/SRC/openSUSE:Factory/.samba.new.1563 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "samba"
Sun Dec 25 15:14:14 2022 rev:290 rq:1044036 version:4.17.4+git.300.305b22bfce
Changes:
--------
--- /work/SRC/openSUSE:Factory/samba/samba.changes 2022-12-03 10:03:24.099161990 +0100
+++ /work/SRC/openSUSE:Factory/.samba.new.1563/samba.changes 2022-12-25 15:14:16.569177203 +0100
@@ -1,0 +2,54 @@
+Thu Dec 15 16:45:28 UTC 2022 - Samuel Cabrero
+
+- Update to 4.17.4
+ * CVE-2022-44640 Upstream Heimdal free of user-controlled
+ pointer in FAST; (bsc#14929);
+ * CVE-2021-20251 Bad password count not incremented atomically;
+ (bsc#14611);
+ * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability;
+ (bsc#15203);
+ * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
+ modern servers; (bso#15237);
+ * CVE-2022-37967 Kerberos constrained delegation ticket forgery
+ possible against Samba AD DC; (bso#15231);
+ * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
+ and should be avoided; (bso#15240);
+ * pam_winbind uses time_t and pointers assuming they are of the
+ same size; (bso#15224);
+ * Heimdal session key selection in AS-REQ examines wrong entry;
+ (bso#15219);
+ * filter-subunit is inefficient with large numbers of
+ knownfails; (bso#15258);
+ * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories;
+ (bso#15252);
+ * The KDC logic arround msDs-supportedEncryptionTypes differs
+ from Windows; (bso#13135);
+ * libnet: change_password() doesn't work with
+ dcerpc_samr_ChangePasswordUser4(); (bso#15206);
+ * Heimdal session key selection in AS-REQ examines wrong entry;
+ (bso#15219);
+ * Memory leak in snprintf replacement functions; (bso#15230);
+ * RODC doesn't reset badPwdCount reliable via an RWDC
+ (CVE-2021-20251 regression); (bso#15253);
+ * Prevent EBADF errors with vfs_glusterfs; (bso#15198);
+ * %U for include directive doesn't work for share listing
+ (netshareenum); (bso#15243);
+ * Stack smashing in net offlinejoin requestodj; (bso#15257);
+ * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
+ (bso#15197);
+ * Heimdal session key selection in AS-REQ examines wrong entry;
+ (bso#15219);
+- Remove deprecated if-{down,up} scripts; (bsc#1206444);
+- Adjust the systemd drop-in file for named service; (bsc#1201689);
+ * Paths are additive so do not repeat paths from named.service
+ * Prefix the samba DLZ directory with "-" to ignore this path
+ if it does not exists
+
+-------------------------------------------------------------------
+Mon Dec 12 08:56:12 UTC 2022 - Stefan Schubert
+
+- Migration PAM settings to /usr/etc: Saving user changed
+ configuration files in /etc and restoring them while an RPM
+ update.
+
+-------------------------------------------------------------------
@@ -9 +63,2 @@
-- CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
+- Update to 4.17.3
+ * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit
Old:
----
samba-4.17.3+git.283.2157972742b.tar.bz2
New:
----
samba-4.17.4+git.300.305b22bfce.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.xVRq7g/_old 2022-12-25 15:14:17.481182365 +0100
+++ /var/tmp/diff_new_pack.xVRq7g/_new 2022-12-25 15:14:17.485182387 +0100
@@ -22,7 +22,11 @@
%{!?_fillupdir:%global _fillupdir /var/adm/fillup-templates}
%{!?_tmpfilesdir:%global _tmpfilesdir /usr/lib/tmpfiles.d}
%{!?_pam_moduledir:%global _pam_moduledir /%{_lib}/security}
+%if 0%{?suse_version} > 1500
+%global _pam_confdir %{_distconfdir}/pam.d
+%else
%{!?_pam_confdir:%global _pam_confdir %{_sysconfdir}/pam.d}
+%endif
%{!?_pam_secconfdir:%global _pam_secconfdir %{_sysconfdir}/security}
%define with_mscat 1
@@ -148,7 +152,7 @@
%endif
BuildRequires: sysuser-tools
-Version: 4.17.3+git.283.2157972742b
+Version: 4.17.4+git.300.305b22bfce
Release: 0
URL: https://www.samba.org/
Obsoletes: samba-32bit < %{version}
@@ -181,7 +185,6 @@
%define CONFIGDIR %{_sysconfdir}/samba
%define INITDIR %{_sysconfdir}/init.d
%define PIDDIR /run/samba
-%define NET_CFGDIR network
%define auth_modules auth_unix,auth_wbc,auth_server,auth_netlogond,auth_script,auth_samba4
%define idmap_modules idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_rfc2307,idmap_rid,idmap_tdb2
%define pdb_modules pdb_tdbsam,pdb_ldapsam,pdb_smbpasswd,pdb_samba_dsdb
@@ -711,7 +714,6 @@
%{buildroot}/%_pam_confdir \
%{buildroot}/%{_sysconfdir}/{xinetd.d,logrotate.d} \
%{buildroot}/%{_sysconfdir}/openldap/schema \
- %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/{if-{down,up}.d,scripts} \
%{buildroot}/%{_sysconfdir}/security \
%{buildroot}/%{_sysconfdir}/slp.reg.d \
%{buildroot}/%{CONFIGDIR} \
@@ -826,18 +828,6 @@
install -m 0644 config/dhcp.conf %{buildroot}/%{_fillupdir}/samba-client-dhcp.conf
install -m 0644 config/sysconfig.dhcp-samba-client %{buildroot}/%{_fillupdir}/sysconfig.dhcp-samba-client
-# Network scripts
-NETWORK_SCRIPTS="samba-winbindd"
-for script in ${NETWORK_SCRIPTS}; do
- install -m 0755 "tools/${script}" "%{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/${script}"
-done
-
-# Create ghosts for the symlinks
-NETWORK_LINKS="55-samba-winbindd"
-for script in ${NETWORK_LINKS}; do
- touch %{buildroot}/%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-{down,up}.d/${script}
-done
-
# Add logrotate settings for nmbd and smbd only on systems newer than 8.1.
%if 0%{?suse_version} > 1500
mkdir -p %{buildroot}%{_distconfdir}/logrotate.d
@@ -937,7 +927,7 @@
%service_add_pre nmb.service smb.service
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
-for i in logrotate.d/samba ; do
+for i in logrotate.d/samba pam.d/samba; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
@@ -945,7 +935,7 @@
%if 0%{?suse_version} > 1500
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
-for i in logrotate.d/samba ; do
+for i in logrotate.d/samba pam.d/samba; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
@@ -1058,17 +1048,6 @@
%post winbind
/sbin/ldconfig
-if test ${1:-0} -eq 1; then
- ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-down.d/55-samba-winbindd
- ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-up.d/55-samba-winbindd
-else
- for if_case in if-down.d if-up.d; do
- test -h %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/samba-winbindd || \
- continue
- rm -f %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/samba-winbindd
- ln -fs %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/${if_case}/55-samba-winbindd
- done
-fi
%service_add_post winbind.service
%tmpfiles_create samba.conf
%{fillup_only -ans samba winbind}
@@ -1618,9 +1597,6 @@
%defattr(-,root,root)
%config(noreplace) %_pam_secconfdir/pam_winbind.conf
%{_unitdir}/winbind.service
-%ghost %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-down.d/55-samba-winbindd
-%ghost %{_sysconfdir}/sysconfig/%{NET_CFGDIR}/if-up.d/55-samba-winbindd
-%{_sysconfdir}/sysconfig/%{NET_CFGDIR}/scripts/samba-winbindd
%{_sysusersdir}/samba-winbind.conf
%{_bindir}/ntlm_auth
%{_bindir}/wbinfo
++++++ samba-4.17.3+git.283.2157972742b.tar.bz2 -> samba-4.17.4+git.300.305b22bfce.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/samba/samba-4.17.3+git.283.2157972742b.tar.bz2 /work/SRC/openSUSE:Factory/.samba.new.1563/samba-4.17.4+git.300.305b22bfce.tar.bz2 differ: char 11, line 1